Spam and phishing mail

Trick or treat?

Halloween’s almost here. And it’s not just the witches, ghosts and ghouls you need to watch out for, but the latest wave of Internet scams. As ever, the spammers are out in force, offering cheap software:

costumes and personalized gifts:

and even e-cards!

If you want to send a card, you need to install a special browser utility. Do this, and as long you’re in the US, Canada, or a number of other Western countries, the spammer will get paid by the guys who developed the utility.

If you’re coming from a Russian IP address, though, you’ll see this message:

and get redirected to a lottery site:

If you’re a regular reader of this blog, you might find the last two screen shots familiar; in fact, the scam is identical to one I wrote about back in June this year.

The spammers haven’t changed their tried and trusted methods for this holiday, and we haven’t changed our advice – take up an offer like the ones above, and you’ll be putting money into spammers’ pockets, giving away your personal details, or opening the door to malware. And I think all of that is a lot scarier than any Halloween monster…

Trick or treat?

Your email address will not be published.

 

Reports

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Lazarus Trojanized DeFi app for delivering malware

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

Subscribe to our weekly e-mails

The hottest research right in your inbox